Iam suite introduction


Published on

Published in: Education, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Access System enables single sign-on across any number of protected enterprise resources. COREid provides out-of-the-box SSO for a large number of packaged applications, application servers, mainframe systems, which allows it to be seamlessly integrated into any enterprise environment.
  • Story Line: It’s all about knowing who has what, when, how and why. It’s the world’s largest provisioning deployment. True measure of scalability is number of users x number of resources. Most vendors claiming “millions” of users only have a couple of applications being managed. The “millions” of users is in one directory. Integrated 800 applications in 2 years, with less than 4 developers. Will be at 1200 applications in another 12 months. Integrating up to 10 applications a week.
  • Story line: SWA mechanics need to log into Boeing to access maintenance manuals. SWA does not want to download manuals and Boeing does not want to maintain mechanic’s identities. FAA has regulations limiting distribution and timeliness of update of service manuals. Federation resolves all above challenges. The savings on OIF due to reduction of employee UID/PWD pairs helped SWA avoid union wage negotiations, as the mechanics made the statement that having to remember additional credentials to do their job would require additional wages. Interesting facts: OAM protects SWA’s intranet. When flight crew checks for a flight, they log in into OAM. SWA have a mixed environment: Microsoft ISA, WebSphere, Novell eDirectory. They use both OIF and WAM in conjunction.
  • Story Line:
  • Iam suite introduction

    1. 1. Introduction To Oracle Identity And Access Management (IAM) Shujaat Ali Sr. Security Specialist, Public Sector Sales Consulting
    2. 2. Agenda <ul><li>State of enterprise security and the need for IAM </li></ul><ul><li>Oracle solutions </li></ul><ul><li>Industry validations and customer success stories </li></ul><ul><li>The future of Oracle IAM </li></ul><ul><li>Summary and best practice </li></ul><ul><li>Q&A </li></ul>
    3. 3. 5 Questions to ask your CISO
    4. 4. <ul><li>Q: What’s posted on this monitor? </li></ul><ul><li>a – password to financial application </li></ul><ul><li>b – phone messages </li></ul><ul><li>c – to-do’s </li></ul>
    5. 5. <ul><li>Q: What determines your employee’s access? </li></ul><ul><li>a – give Alice whatever Wally has </li></ul><ul><li>b – roles, attributes, and requests </li></ul><ul><li>c – whatever her manager says </li></ul>
    6. 6. <ul><li>Q: Who is the most privileged user in your enterprise? </li></ul><ul><li>a – security administrator </li></ul><ul><li>b – CFO </li></ul><ul><li>c – the 3-peat summer intern who is now working for your competitor </li></ul>
    7. 7. <ul><li>Q: How secure is your identity data? </li></ul><ul><li>a – It is in 18 different secured stores </li></ul><ul><li>b – We protect the admin passwords </li></ul><ul><li>c – Privacy? We don’t hold credit card numbers </li></ul>
    8. 8. <ul><li>Q: How much are manual compliance controls costing your organization? </li></ul><ul><li>a – nothing, no new headcount </li></ul><ul><li>b – don’t ask </li></ul><ul><li>c – don’t know </li></ul>
    9. 9. Today’s IT Challenges <ul><li>More Agile Business </li></ul><ul><li>More accessibility for employees, customers and partners </li></ul><ul><li>Higher level of B2B integrations </li></ul><ul><li>Faster reaction to changing requirements </li></ul><ul><li>More Secured Business </li></ul><ul><li>Organized crime </li></ul><ul><li>Identity theft </li></ul><ul><li>Intellectual property theft </li></ul><ul><li>Constant global threats </li></ul><ul><li>More Compliant Business </li></ul><ul><li>Increasing regulatory demands </li></ul><ul><li>Increasing privacy concerns </li></ul><ul><li>Business viability concerns </li></ul>
    10. 10. State Of Security In Enterprise <ul><li>Incomplete </li></ul><ul><ul><li>Multiple point solutions from many vendors </li></ul></ul><ul><ul><li>Disparate technologies that don’t work together </li></ul></ul><ul><li>Complex </li></ul><ul><ul><li>Repeated point-to-point integrations </li></ul></ul><ul><ul><li>Mostly manual operations </li></ul></ul><ul><li>‘ Non-compliant’ </li></ul><ul><ul><li>Difficult to enforce consistent set of policies </li></ul></ul><ul><ul><li>Difficult to measure compliance with those policies </li></ul></ul>
    11. 11. Identity Management Values <ul><li>Trusted and reliable security </li></ul><ul><li>Efficient regulatory compliance </li></ul><ul><li>Lower administrative and development costs </li></ul><ul><li>Enable online business networks </li></ul><ul><li>Better end-user experience </li></ul>
    12. 12. Identity & Access Management Access Control Directory Services Identity Administration Authentication & Authorization Single Sign-On Federation Web Services Security Identity Lifecycle Administration Role & Membership Administration Provisioning & Reconciliation Compliance Automation Virtualization Synchronization Storage Service Levels Configuration Performance Automation Management Audit Data Attestation Segregation of Duties Controls Audit & Compliance
    13. 13. Oracle IAM Products Access Control Directory Services Identity Administration Oracle Access Manager Oracle Enterprise Single Sign-On Oracle Identity Federation Oracle Web Services Manager Oracle Identity Manager Oracle Virtual Directory Oracle Internet Directory (with Directory Integration Platform) Oracle Enterprise Manager for Identity Management Management Oracle Identity & Access Management Suite Audit & Compliance
    14. 14. Leader in Magic Quadrants User Provisioning, 1H 2006 Web Access Management, 2H 2006 Magic Quadrant Disclaimer: The Magic Quadrant is copyrighted by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the &quot;Leaders&quot; quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
    15. 15. Heterogeneous Support Applications Directories Application/Web Servers Operating Sys tems Groupware ACF-2 & TSS Portals RACF “ Of all the large platform vendors, Oracle, Novell, CA and BMC seem the most committed to providing significant support for heterogeneous environments.“ - Ray Wagner, Gartner, October 2006
    16. 16. Standards Support <ul><li>Contribute and lead </li></ul><ul><ul><li>SSTC (SAML Working Group) - Co-Chair </li></ul></ul><ul><ul><li>Liberty Alliance - President, Board Member </li></ul></ul><ul><ul><li>WSS, WS-SX (Web Services Security) - Author </li></ul></ul><ul><ul><li>SPML - Author </li></ul></ul><ul><ul><li>XACML – Voting member </li></ul></ul><ul><li>Implement </li></ul><ul><ul><li>Accelerate product development </li></ul></ul><ul><ul><li>Simplify product integration & minimize TCO </li></ul></ul><ul><li>Innovate </li></ul><ul><ul><li>Enable Identity Services Framework: CARML, AAPML </li></ul></ul><ul><ul><li>Standards for end-to-end security </li></ul></ul>
    17. 17. Access Control Oracle Access Manager (Web) Authentication & Authorization Oracle eSSO Suite (Desktop/Legacy) Single Sign-On Federation Oracle Identity Federation Web Services Security Oracle Web Services Manager
    18. 18. Oracle Access Manager <ul><li>Benefits </li></ul><ul><ul><li>Centralized and consistent security across heterogeneous environments </li></ul></ul><ul><ul><li>Reduced administration cost </li></ul></ul><ul><ul><li>Improved end user experience </li></ul></ul><ul><li>Features </li></ul><ul><ul><li>Web single-sign-on </li></ul></ul><ul><ul><li>Common policy management </li></ul></ul><ul><ul><li>Multi-level, multi-factor authentication management </li></ul></ul><ul><ul><li>Self-service and delegated administration </li></ul></ul><ul><ul><li>Workflow engine </li></ul></ul><ul><ul><li>Web Services interfaces </li></ul></ul>Oracle Access Manager (Web)
    19. 19. Oracle Enterprise SSO <ul><li>Benefits </li></ul><ul><ul><li>Eliminates forgotten passwords for Windows </li></ul></ul><ul><ul><li>desktop and applications </li></ul></ul><ul><ul><li>Improves security & user experience </li></ul></ul><ul><ul><li>Meet regulatory compliance </li></ul></ul><ul><li>Features </li></ul><ul><ul><li>Sign-on to any Windows, web, host, mainframe or Java application </li></ul></ul><ul><ul><li>Use any combination of tokens, smart cards, biometrics and passwords </li></ul></ul><ul><ul><li>Auto inactive session termination and application shutdown for shared workstation </li></ul></ul><ul><ul><li>Reset Windows password directly from locked workstation </li></ul></ul>Oracle eSSO Suite (Desktop/Legacy)
    20. 20. Oracle Identity Federation <ul><li>Benefits </li></ul><ul><ul><li>Secured integration with partners </li></ul></ul><ul><ul><li>Reduced administration cost </li></ul></ul><ul><ul><li>Improved end user experience </li></ul></ul><ul><li>Features </li></ul><ul><ul><li>Seamless SSO and identity sharing </li></ul></ul><ul><ul><ul><li>Multi-protocol gateway – SAML, Liberty, WS-Federation </li></ul></ul></ul><ul><ul><ul><li>Service Provider or Identity Provider </li></ul></ul></ul><ul><ul><li>Flexible deployment configurations </li></ul></ul><ul><ul><ul><li>Standalone for use with pre-existing web-access management solution </li></ul></ul></ul><ul><ul><ul><li>Protocol SDK for custom applications </li></ul></ul></ul>Oracle Identity Federation
    21. 21. Oracle Web Services Mgr. <ul><li>Benefits </li></ul><ul><ul><li>Quick and simple deployment </li></ul></ul><ul><ul><li>Provide standard (J2EE) policy </li></ul></ul><ul><ul><li>enforcement points </li></ul></ul><ul><ul><li>Enable SLA definition and monitoring, quality of service reporting. </li></ul></ul><ul><li>Features </li></ul><ul><ul><li>Declarative policy (no coding) </li></ul></ul><ul><ul><li>Rich library of pre-built policies </li></ul></ul><ul><ul><li>Centralized policy management with local enforcement </li></ul></ul><ul><ul><li>Supports WS-Security </li></ul></ul><ul><ul><li>Integrated security for SOA Suite/Services infrastructure </li></ul></ul>Oracle Web Services Manager
    22. 22. Identity Administration Lifecycle Administration Role & Membership Administration Provisioning & Reconciliation Compliance Automation Oracle Identity Manager
    23. 23. Oracle Identity Manager <ul><li>Benefits </li></ul><ul><ul><li>Reduced administration cost </li></ul></ul><ul><ul><li>Cost effective regulatory compliance </li></ul></ul><ul><ul><li>Improved security </li></ul></ul><ul><ul><li>Improved service level </li></ul></ul><ul><li>Features </li></ul><ul><ul><li>Identity life-cycle management for the heterogeneous enterprise </li></ul></ul><ul><ul><li>Approval and provisioning workflows </li></ul></ul><ul><ul><li>Role based access control </li></ul></ul><ul><ul><li>Complete integration solutions: OOTB connectors & Adapter Factory </li></ul></ul><ul><ul><li>Deep integration to ERP and HRMS </li></ul></ul><ul><ul><li>Audit and compliance reporting and process automation </li></ul></ul>Oracle Identity Manager
    24. 24. Directory Services Virtualization Synchronization Storage Oracle Virtual Directory Oracle Directory Integration Platform Oracle Internet Directory
    25. 25. Oracle Virtual Directory <ul><li>Benefits </li></ul><ul><ul><li>Rapid application deployment </li></ul></ul><ul><ul><li>Tighter controls on identity data </li></ul></ul><ul><ul><li>Real-time identity information access </li></ul></ul><ul><li>Features </li></ul><ul><ul><li>Modern Java & Web Services technology </li></ul></ul><ul><ul><li>Virtualization, proxy, join & routing capabilities </li></ul></ul><ul><ul><li>Superior extensibility </li></ul></ul><ul><ul><li>Scalable multi-site administration </li></ul></ul><ul><ul><li>Direct data access </li></ul></ul>Oracle Virtual Directory
    26. 26. Oracle Internet Directory With Directory Integration Platform <ul><li>Benefits </li></ul><ul><ul><li>Reduced operational cost with Oracle Grid support </li></ul></ul><ul><ul><li>Seamless integration with Oracle applications and products </li></ul></ul><ul><li>Features </li></ul><ul><ul><li>Full feature LDAP server with a RDBMS data-store </li></ul></ul><ul><ul><li>Industry leading scalability and HA capabilities </li></ul></ul><ul><ul><li>Strong Oracle platform integration </li></ul></ul><ul><ul><li>VSLDAP certified and EAL4 compliant </li></ul></ul><ul><ul><li>Entity level directory synchronization support for all major directory products (DIP) </li></ul></ul>Oracle Internet Directory
    27. 27. Identity Audit & Compliance Audit Data & Reporting Attestation Segregation Of Duties Controls Oracle Identity & Access Management Suite
    28. 28. Identity Audit & Compliance <ul><li>Benefits </li></ul><ul><ul><li>Cost effective compliance </li></ul></ul><ul><ul><li>Enhance data integrity and auditability </li></ul></ul><ul><ul><li>Real time and consistent enforcements </li></ul></ul><ul><ul><li>Enable compliance to SOX, GLB, HIPAA, J-SOX, … </li></ul></ul><ul><li>Features </li></ul><ul><ul><li>Comprehensive historical and temporal audit data </li></ul></ul><ul><ul><li>Comprehensive operational and historical reports </li></ul></ul><ul><ul><li>Attestation of entitlements </li></ul></ul><ul><ul><li>Segregation of duties via denial policies </li></ul></ul><ul><ul><li>Comprehensive system and exception logging </li></ul></ul><ul><ul><li>Integration with Audit Vault, ICM, and 3 rd party compliance products </li></ul></ul>Oracle Identity Audit & Compliance
    29. 29. Management Service Levels Performance Configuration Automation Oracle Enterprise Manager For Identity Management
    30. 30. Oracle Enterprise Manager For Identity Management <ul><li>Benefits </li></ul><ul><ul><li>Actively manage IdM service levels </li></ul></ul><ul><ul><li>Rigorous management of IdM technology stack </li></ul></ul><ul><ul><li>Simplified deployment, patching, and upgrade </li></ul></ul><ul><li>Features </li></ul><ul><ul><li>Automated modeling of IAM components and infrastructure </li></ul></ul><ul><ul><li>Define SLA, monitor and report </li></ul></ul><ul><ul><li>Response time, throughput, usage metrics, … </li></ul></ul><ul><ul><li>Server, application, and user level metrics </li></ul></ul><ul><ul><li>Automated discovery of IAM components and infrastructure </li></ul></ul><ul><ul><li>Discover & track configuration attributes / values </li></ul></ul><ul><ul><li>Installing, Patching, Upgrading, Cloning </li></ul></ul><ul><ul><li>Development  Test  Production </li></ul></ul>Oracle Enterprise Manager
    31. 31. Identity Management Customers Some Sample References Oracle Confidential Manufacturing & Transportation Financial Services Government & Public Sector Retail & Services Healthcare Technology & Communications
    32. 32. <ul><li>‘ Day one’ access lead time reduced to < 5 mins </li></ul><ul><li>Knowing Who Has Access to What = Priceless </li></ul><ul><li>Eliminated ghost accounts via reconciliation of local administrative changes across 650 managed systems </li></ul><ul><li>Reduced compliance effort across 50 SOX-critical applications by 12 man weeks </li></ul><ul><li>Award winning deployment </li></ul>BUSINESS CHALLENGE <ul><li>Critical systems vulnerable to unmanaged & orphaned system accounts </li></ul><ul><li>No detailed audit trails of each user’s access rights – current and historical </li></ul><ul><li>Reduce the cost of user administration from $30.00 per access modification </li></ul><ul><li>Comply with external regulations – Sarbanes Oxley & Gramm-Leach-Bliley Acts </li></ul>RESULTS ORACLE SOLUTION <ul><li>Lehman selected Oracle Identity Manager over IBM, Sun, and CA </li></ul><ul><li>Very flexible (adaptable), open architecture simplified integration </li></ul><ul><li>Integrated with 800+ business applications </li></ul><ul><li>GUI-based business rule development </li></ul>Case Study – Lehman Brothers GLB & SOX Compliance
    33. 33. <ul><li>Oracle Access Manager solution saves Southwest $30/month per employee 40k users for a total of $1.2 million per month. </li></ul><ul><li>Also reduced equipment idle time at $15,000 per hour. </li></ul>BUSINESS CHALLENGE <ul><li>Wanted to obtain engineering drawings, blueprints, color coding reports and other technical documents from the manufacturer via the Web </li></ul><ul><li>Increase efficiency </li></ul><ul><li>Reduce the business costs of transactions with the aircraft manufacturers </li></ul>RESULTS ORACLE SOLUTION <ul><li>Oracle Access Manager and Oracle Identity Federation </li></ul><ul><li>Six week implementation </li></ul><ul><li>1st in airline industry to implement SAML </li></ul>Case Study – Southwest Airlines Seamless B2B Integration & Low TCO
    34. 34. <ul><li>User self service expected to lower cost and improve user adoption </li></ul><ul><li>Improved security and efficiency by migrating manual self service tasks to an automated system </li></ul>BUSINESS CHALLENGE <ul><li>DTI wanted to provided 12000 state employees with self service HR capability. </li></ul><ul><li>It also wanted to initiate eGovernment efforts to offer Delaware residents the ability to do common online tasks. </li></ul><ul><li>Most of the self service tasks were manual and paper/fax based. </li></ul>RESULTS ORACLE SOLUTION <ul><li>Oracle Access Manager, Oracle Virtual Directory, and OID chosen over Sun and CA, May 2006 </li></ul><ul><li>150K External Users, 12K Internal Users </li></ul><ul><li>Oracle Solution works with IBM WebSphere mid-tier and PeopleSoft HR </li></ul><ul><li>Oracle was able to demonstrate a web services based identity management solution </li></ul>Case Study – State of Delaware Convergence of HR and Identity Data
    35. 35. Looking Ahead <ul><li>Oracle will broaden security product portfolio </li></ul><ul><ul><li>Strategic priority for Oracle development </li></ul></ul><ul><ul><li>Strong authentication, role management, compliance … </li></ul></ul><ul><li>From security silos to built-in security </li></ul><ul><ul><li>Built into databases, middleware, enterprise applications </li></ul></ul><ul><ul><li>Identity Services Framework </li></ul></ul><ul><li>Project Fusion </li></ul><ul><ul><li>Single security model across Enterprise Applications Suite </li></ul></ul><ul><ul><li>Enforced uniformly at all parts of technology infrastructure </li></ul></ul><ul><ul><li>Across entire life-cycle from development to maintenance </li></ul></ul>
    36. 36. Identity Services Framework Oracle IAM Suite with Identity Services Framework Identity Provider Provisioning Authentication Virtualization & User Store WS-*, SPML, SAML, XACML, CARML Audit Legacy Integration Interface Connectors, Agents Federation & Trust Policy & Orchestration Oracle Fusion Applications & Middleware 3 rd Party ISF Aware Applications Legacy Applications User Management Authentication Authorization Federation Business Functions Business Functions Business Functions Custom Developed ISF Aware Applications Business Functions Administration Authorization Role Provider Identity Services Enterprise Identity Management Infrastructure Service Interfaces
    37. 37. Key Oracle Differentiators <ul><li>Complete suite of best-of-breed products </li></ul><ul><ul><li>Complete & best integrated identity management suite </li></ul></ul><ul><ul><li>Includes compliance, virtualization and system management </li></ul></ul><ul><ul><li>Market leadership validated by press and analysts </li></ul></ul><ul><li>Proven for large scale deployments </li></ul><ul><ul><li>Large, complex, and award winning deployments </li></ul></ul><ul><ul><li>Broad customer base and use cases </li></ul></ul><ul><ul><li>Large referenceable customer base </li></ul></ul><ul><li>Best long-term investment </li></ul><ul><ul><li>Strong support of open standards and hot-pluggable strategy </li></ul></ul><ul><ul><li>Pre-integrated with Oracle products – DB, middleware, apps </li></ul></ul><ul><ul><li>Pre-integrated with over 50 applications and infrastructure </li></ul></ul><ul><ul><li>Underpins Oracle’s next generation of Fusion Applications </li></ul></ul>
    38. 38. Key To Successful IAM Projects <ul><li>Establish the strategic nature of I&AM </li></ul><ul><li>Focus on processes and people , technology is only an enabler </li></ul><ul><li>Obtain executive support and buy-in </li></ul><ul><li>Develop overall business requirements and a starting point – directory, access management or provisioning </li></ul><ul><li>Select software based on requirements of today and the future </li></ul><ul><li>Follow a phased approach for integration of applications and different types of users </li></ul><ul><li>Get developers on board early on for integration with consolidated authentication, authorization and identity services </li></ul><ul><li>Put in place a comprehensive change management and communication plan </li></ul>